[VULNERABILITY ALERT] Oracle Releases Critical Security Advisories for Multiple Products (CVE-2026-21962) (CVE-2026-21969)

• Subject: [VULNERABILITY ALERT] Oracle Releases Critical Security Advisories for Multiple Products (CVE-2026-21962) (CVE-2026-21969)

• Content Description:
  • Forwarded from Taiwan Computer Emergency Response Team/Coordination Center (TWCERTCC) Security Alert TWCERTCC-200-202601-00000019
  • [CVE-2026-21962, CVSS: 10.0] This vulnerability exists in Oracle HTTP Server and Oracle WebLogic Server Proxy Plug-in of Oracle Fusion Middleware. It allows unauthenticated attackers to access related services via HTTP; successful exploitation could lead to unauthorized creation, deletion, modification, and access of sensitive data.
  • [CVE-2026-21969, CVSS: 9.8] This vulnerability exists in Oracle Agile Product Lifecycle Management for Process of Oracle Supply Chain. It allows unauthenticated attackers to compromise the system via HTTP access, leading to a complete takeover of the system.
• Affected Platforms:
  • Oracle Fusion Middleware 12.2.1.4.0
  • Oracle Fusion Middleware 14.1.1.0.0
  • Oracle Fusion Middleware 14.1.2.0.0
  • Oracle Supply Chain 6.2.4
• Recommended Actions:
  • Please perform patching according to the solutions released on the official website: https://www.twcert.org.tw/tw/cp-169-10649-8c72e-1.html
• Reference Material:
  • 1 https://www.twcert.org.tw/tw/cp-169-10649-8c72e-1.html

Computer and Communication Center
Network Systems Division, Respectfully